Excludes delegation stack of 576 bytes and application history list of 256 bytes

Application Related Characteristics

| Data Item | Value | Comments |
|---|---|---|
| Application EEPROM Loading Requirements | | |
| Application Header | 256 bytes | Per application loaded. |
| Total temporary space per protected ALU | 0 | |
| Total temporary space per confidential ALU | 0 | |
| MULTOS Application Function | | |
| Static Page Size (1 page) | 64 bytes | |
| Maximum write size in pages | 9 pages | |
| Maximum ATR File record size | 32 bytes | |
| Maximum ATR Historical Byte record size | 15 bytes | |
| Maximum DIR File record size | 64 bytes | |
| Maximum FCI record size | 64 bytes | |
| Maximum inbound TPDU size | 256 bytes | |
| Maximum outbound TPDU size | 255 bytes | Under T=1 the maximum is 258 bytes |
| Maximum delegation nest count | 1 | 1 level guaranteed. This value can be customised up to 5 using an AMD. |
| Maximum application history list entries | 0 to 255 | Standard configuration is 10. This value can be customised using an AMD. |
| Retry Counters | | |
| Set MSM Controls | 6 | |
| Create MEL Application | 32 to 255 | Standard configuration is 32. |
| Delete MEL Application | 32 to 255 | Standard configuration is 32. |
| Key Lengths | | |
| KCK Public Key length | 128 bytes | |
| Permitted Application Provider Public Key lengths | 64, 72, 80, 96, 112 bytes | KMA will accept APPK between 72 and 128 bytes inclusive. |
| MULTOS TKCK length | 96 bytes | |

Primitive Support

The primitives listed here are those that were included in the target specification.

| Primitive | Supported | Optional / Mandatory |
|---|---|---|
| Add BCDN | Yes | Optional |
| Bit Manipulate Byte | Yes | |
| Bit Manipulate Word | Yes | |
| Call Codelet | Yes | |
| Call Extension 0, 1, 2, 3, 4, 5, 6 | Yes | |
| Card Block | Yes | |
| Check Case | Yes | |
| Checksum | Yes | |
| Control Auto Reset WWT | Yes | |
| Delegate | Yes | |
| DES ECB Decipher | Yes | |
| DES ECB Encipher | Yes | |
| DivideN | Yes | |
| Generate Asymmetric Hash | No | |
| Generate Asymmetric Hash General | Yes | |
| Generate Asymmetric Signature General | Yes | Optional |
| Generate DES CBC Signature | Yes | |
| Generate Random Prime | Yes | Optional |
| Generate Triple DES CBC Signature | Yes | |
| Get Data | Yes | |
| Get Delegator AID | Yes | |
| Get DIR File Record | Yes | |
| Get File Control Information | Yes | |
| Get Manufacturer Data | Yes | |
| Get Memory Reliability | Yes | |
| Get MULTOS Data | Yes | |
| Get Purse Type | Yes | |
| Get Random Number | Yes | |
| Load CCR | Yes | |
| Lookup | Yes | |
| Memory Compare | Yes | |
| Memory Compare Fixed Length | Yes | |
| Memory Copy | Yes | |
| Memory Copy Fixed Length | Yes | |
| Memory Copy Non-Atomic | Yes | Optional |
| Memory Copy Non-Atomic Fixed Length | Yes | Optional |
| Modular Exponentiation | Yes | |
| Modular Exponentiation CRT | Yes | |
| Modular Inverse | Yes | Optional |
| Modular Multiplication | Yes | Optional |
| Modular Reduction | Yes | Optional |
| MultiplyN | Yes | |
| Query Codelet | Yes | |
| Query Interface Type | Yes | |
| Query0, Query1, Query2, Query3 | Yes | |
| Reset Session Data | Yes | |
| Reset WWT | Yes | |
| Return from Codelet | Yes | |
| SEED ECB Encipher | Yes | Optional |
| SEED ECB Decipher | Yes | Optional |
| Set ATR File Record | Yes | |
| Set ATR Historical Characters | Yes | |
| Set ATS Historical Characters | Yes | Optional |
| Set FCI Record | Yes | |
| Set Transaction Protection | Yes | |
| Set Select SW | Yes | |
| SHA-1 | Yes | |
| Shift Left | Yes | |
| Shift Right | Yes | |
| Store CCR | Yes | |
| Subtract BCDN | Yes | Optional |
| Verify Asymmetric and Retrieve General | Yes | Optional |

Implementation Specific Characteristics

Zero Block Size

The following instructions and primitives have the block size specified in the code (as opposed to being run-time data). The following table shows how each will perform if a zero block size is specified.

| Type | Instruction / Primitive | Operation |
|---|---|---|
| Instruction | LOAD, STORE, LOADI, STOREI | no operation |
| Instruction | CLEARN | no operation |
| Instruction | TESTN, INCN, DECN, NOTN | Z = 1 |
| Instruction | CMPN, ADDN, SUBN | C = 0, Z = 1 |
| Instruction | ANDN, ORN, XORN | Z = 1 |
| Primitive | MultiplyN | Z = 1 |
| Primitive | DivideN | C = 1, Z = unchanged |
| Primitive | ShiftLeft, ShiftRight | |
| Primitive | Add BCDN, Subtract BCDN | C = 0, Z = 1 |
| Primitive | GetDIRFileRecord, GetFileControlInformation | One byte set to zero pushed onto stack. If the application specified does not exist, C = 1, Z = 1. If the application specified exists, C = 0, Z = 0. |
| Primitive | GetManufacturerData, GetMULTOSData, GetPurseType | One byte set to zero pushed onto stack, C = 0 |
| Primitive | MemoryCompareFixedLength | DT’ = DT - 4, C = 0, Z = 1 |
| Primitive | MemoryCopyFixedLength | DT’ = DT - 4 |

Maximum Number of Pages Permitted in a Single Write

The maximum rewrite page number is 9. Regardless of whether transaction protection is on or off, an application must not perform a single write to Static that spans more than nine pages. If data is written in the 10th page, the system abends.

The maximum number of rewrite pages includes the number of pages written to EEPROM by primitives shown in the following table:

| Primitives | Pages used |
|---|---|
| Card Block | 1 |
| Set Select SW | 1 |
| Set ATR File Record Primitive | 1 |
| Set ATR Historical Characters Primitive | 1 |
| Set FCI Record | 2 |

Note that the maximum number of pages (9 pages) includes the pages used by the application as well as the pages used by primitives.
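The nine-page limit counts pages touched, not bytes, so a write shorter than 9 x 64 = 576 bytes can still reach a tenth page when it starts mid-page. The following C sketch is an added example, not code from MULTOS or the card vendor; the function names are hypothetical, and it assumes the address passed in is measured from a page boundary and that the caller knows how many primitive pages count against the same limit.

```c
#include <stddef.h>
#include <stdint.h>

#define STATIC_PAGE_SIZE 64u  /* Static page size from this page */
#define MAX_WRITE_PAGES  9u   /* a write touching a 10th page abends */

/* Pages used by primitives, from the table on this page. */
enum { PAGES_CARD_BLOCK = 1, PAGES_SET_SELECT_SW = 1, PAGES_SET_ATR_FILE = 1,
       PAGES_SET_ATR_HIST = 1, PAGES_SET_FCI = 2 };

/* Number of pages touched by a write of len bytes starting at addr.
 * Assumption: addr is measured from a page boundary. */
unsigned pages_spanned(uint32_t addr, size_t len)
{
    if (len == 0) return 0;
    return (unsigned)(((size_t)addr + len - 1) / STATIC_PAGE_SIZE
                      - addr / STATIC_PAGE_SIZE + 1);
}

/* 1 if the write plus primitive_pages stays within nine pages, else 0. */
int write_fits(uint32_t addr, size_t len, unsigned primitive_pages)
{
    return pages_spanned(addr, len) + primitive_pages <= MAX_WRITE_PAGES;
}

/* Largest len for which write_fits() holds at this addr. */
size_t max_safe_len(uint32_t addr, unsigned primitive_pages)
{
    if (primitive_pages >= MAX_WRITE_PAGES) return 0;
    return (size_t)(MAX_WRITE_PAGES - primitive_pages) * STATIC_PAGE_SIZE
           - addr % STATIC_PAGE_SIZE;
}

int main(void)
{
    /* 514 bytes is under 576, yet from offset 63 it touches 10 pages. */
    return (write_fits(0, 576, 0) && !write_fits(63, 514, 0)) ? 0 : 1;
}
```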

Condition Code Register

This implementation does not support signed arithmetic. The N and V flags are present in the CCR, and they may be changed by some instructions. However, signed arithmetic is not guaranteed and should be avoided. They may be used by an application using the Load CCR and Store CCR primitives, but this may affect the portability of the application.

Supported Modulus Lengths of Cryptographic Primitives

All values given are in bytes.

| Primitive | Lengths supported |
|---|---|
| Modular Exponentiation, public exponent not 3 | Greater than 0 and less than or equal to 128 |
| Modular Exponentiation, public exponent of 3 | Greater than 0 and less than or equal to 128 |
| Modular Exponentiation CRT | Greater than or equal to 2 and less than or equal to 256 |
| Modular Inverse | Greater than 0 and less than or equal to 128 |
| Modular Multiplication | Greater than 0 and less than or equal to 128 |
| Modular Reduction | Greater than 0 and less than or equal to 128 |

Important Remarks

This section contains important remarks about the Primitives and IFD commands of this implementation.

Bits 6 to 2 of b2 are ignored. That is, the primitives return the expected result regardless of the value of bits 6 to 2 of b2.

Checksum

If the checksummed area includes the parameters (the top four bytes of Dynamic), the checksum will be correctly calculated.

Delegate

When an application issues the Delegate primitive, Dynamic (only the part in use) and the application control information of the issuing application are saved once to an area of EEPROM (the delegation stack).

Therefore, the application developer should take into account that every issuance of the Delegate primitive causes EEPROM writes.

Generate Asymmetric Hash

If b2 (mode) takes an unsupported value, this primitive performs no operation. In particular, no bytes are popped from the stack. The hash modulus length must be less than or equal to 128 bytes and greater than or equal to 72 bytes, or an abend will occur.

Mode = 4 and mode = 5 are also supported. In these modes, the hash chain length must be less than or equal to 20 bytes and greater than or equal to 16 bytes, or an abend will occur.

Generate Random Prime

The flag must be equal to 0x00 or 0x80.

The conf must not be equal to 0.

The rgExp must be less than or equal to 128 bytes and greater than or equal to 6.

The rgMin must be less than the rgMax.

If any of these conditions is not met an abnormal end will occur.

The actual time to timeout depends on the clock rate.

Time To Timeout (msec) =

Get Manufacturer Data

Get MULTOS Data

Get Purse Type

Get Data

If the destination is stack top, the last byte of retrieved data will be overwritten by the length of data retrieved. That is, the number of bytes copied is always returned on the stack regardless of the destination segment address.

Get Memory Reliability

MULTOS 4 always indicates memory is reliable: C = 0, Z = 0.

Lookup

If the target value appears more than once in the list, the location of the first is reported. The list need not be sorted. If the target value is not found, it is left unchanged on the stack.

SetFCIRecord

Regardless of the fci_record_size declared by the ALC, a rewrite is always possible up to max_fci_record_size.

Memory Copy Non Atomic

Memory Copy Non Atomic Fixed Length

Whether the transaction protection status is “on” or “off”, the source data copied by these primitives is written to the destination directly, not through the transaction protection buffers.

Modular Exponentiation

This primitive may be used in one of two ways. In both cases the modulus value must be odd.

Full exponentiation
The exponent length and modulus length must be less than or equal to 128 bytes. The exponent length and modulus length must be greater than 0. The exponent length must be less than or equal to that of the modulus. The most significant byte must not be 0. If any of these conditions is not met an abnormal end to processing will occur.

Public Exponentiation
The exponent must be 3, 257 or 65537.
The modulus length must be greater than or equal to the exponent length, but not greater than 128 bytes. If any of these conditions is not met an abnormal end to processing will occur.
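Because any violation of these Modular Exponentiation conditions ends in an abend, an application can test its operands before invoking the primitive. The following C pre-check is an added example, not code from MULTOS or the card vendor; the function and constant names are hypothetical, operands are assumed to be big-endian byte strings, and the "most significant byte must not be 0" rule is assumed to refer to the modulus.

```c
#include <stddef.h>
#include <stdint.h>

#define MODEXP_MAX_LEN 128u  /* bytes, limit stated on this page */

typedef enum {
    ME_OK = 0,
    ME_BAD_MOD_LEN,    /* modulus length 0 or above 128 bytes */
    ME_BAD_EXP_LEN,    /* exponent length 0 or longer than the modulus */
    ME_EVEN_MODULUS,   /* modulus must be odd in both modes */
    ME_LEADING_ZERO,   /* full mode: most significant byte is 0 */
    ME_BAD_PUBLIC_EXP  /* public mode: exponent is not 3, 257 or 65537 */
} me_status;

/* Hypothetical helper: big-endian byte strings (assumption), most
 * significant byte first. public_mode != 0 selects public exponentiation. */
me_status modexp_precheck(const uint8_t *exp, size_t exp_len,
                          const uint8_t *mod, size_t mod_len, int public_mode)
{
    if (mod_len == 0 || mod_len > MODEXP_MAX_LEN) return ME_BAD_MOD_LEN;
    if (exp_len == 0 || exp_len > mod_len)        return ME_BAD_EXP_LEN;
    if ((mod[mod_len - 1] & 1u) == 0)             return ME_EVEN_MODULUS;

    if (public_mode) {
        uint32_t e = 0;
        for (size_t i = 0; i < exp_len; i++) {
            if (e >> 24) return ME_BAD_PUBLIC_EXP;  /* too large to be 65537 */
            e = (e << 8) | exp[i];
        }
        return (e == 3 || e == 257 || e == 65537) ? ME_OK : ME_BAD_PUBLIC_EXP;
    }
    /* Full mode: the page's "most significant byte must not be 0" is
     * applied to the modulus here (assumption). */
    if (mod[0] == 0) return ME_LEADING_ZERO;
    return ME_OK;
}

/* Constructed sample values, not real key material. */
static const uint8_t SAMPLE_MOD[4]      = { 0xC5, 0x3F, 0x00, 0x6B };  /* odd */
static const uint8_t SAMPLE_EVEN_MOD[4] = { 0xC5, 0x3F, 0x00, 0x6A };
static const uint8_t SAMPLE_ZERO_MOD[4] = { 0x00, 0x3F, 0x00, 0x6B };
static const uint8_t EXP_65537[3]       = { 0x01, 0x00, 0x01 };
static const uint8_t EXP_17[1]          = { 0x11 };

int main(void)
{
    return modexp_precheck(EXP_65537, 3, SAMPLE_MOD, 4, 1) == ME_OK ? 0 : 1;
}
```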

Modular Exponentiation CRT

The modulus length must be greater than 0, but not greater than 256 bytes in length. It must also be an even value. If any of these conditions is not met an abnormal end will occur.

Note:

The most significant byte must not be 0.

The least significant bit of pq must be 1.

Modular Inverse

The modulus length and the data length must be greater than 0 and less than or equal to 128 bytes.

The modulus must not have any leading zero bytes.

b2(Prime) value must be 0 or 1.

If any of these conditions is not met an abnormal end will occur.

If the modulus value is an even number, processing is carried out with b2 (Prime) value = 0.

Modular Multiplication

The least significant bit of the modulus must be set to 1.

The modulus length must be greater than 0 and less than or equal to 128 bytes.

The modulus must not have any leading zero bytes.

If any of these conditions is not met an abnormal end will occur.

Note that if both operand1 and operand2 are equal to or greater than the modulus, the result cannot be guaranteed.

Modular Reduction

The modulus length must be greater than 0 and less than or equal to 128 bytes.

The data length must be equal to or greater than the modulus length.

The modulus must not have any leading zero bytes.

If any of these conditions are not met an abnormal end will occur.

Set Transaction Protection

Bits 7 to 2 of b2 are ignored. That is, the primitive returns the expected result regardless of the value of bits 7 to 2 of b2.

The Hitachi v4 card copies the memory to a temporary store and writes changes to the temporary memory. In the case of Commit the temporary data is rewritten to memory.

Shift Left and Shift Right

With b2 > 0, if b3 = 0, C = 0 and Z is set appropriately.
The output block is equal to the input block (the input block is not changed).

In this implementation, data is not written. This primitive operates only in contact mode, and returns C = 0, Z = 1 and the data size of the written ATS Historical Characters on the stack. The data size is overwritten as “0”.

Query Interface Type

This primitive operates only in contact mode. C = 0, Z = 1. This primitive pops nothing from the stack.

Codelets Available

There are twenty codelets available:

0015:Mondex Purse 2+ (SR2)

0007:M/Chip Select V2.0.5

0026:M/Chip Select V4

0032:MODS

0016:J/Smart V1.0

0025:J/Smart V2.0

0020:dnPKI. Note that this can only be activated by DNP.

000C:DNP/Hitachi MultiPockets. Note that this can only be activated by DNP.

000D:General PKI (JICSAP)

0023:JBA(Mach Edition)

0029:JICSAP subset

002A:JPA (Plet’s). Note that this can only be activated by DNP.

002B:SafetyPass(Authentication)

002C:JBA. (Note that this can only be activated by DNP.)

002D:SafetyPass(Point)

002E:ETC. Note that this can only be activated by DNP.

0036:Korean PKI_036

003A:Korean PKI_03A

0039:Korean Cash

0024:JBA. (Hitachi Version. Note that this can only be activated by Hitachi.)